当前位置: 首页>>代码示例>>Java>>正文


Java JWTClaimsSet.setIssuer方法代码示例

本文整理汇总了Java中com.nimbusds.jwt.JWTClaimsSet.setIssuer方法的典型用法代码示例。如果您正苦于以下问题:Java JWTClaimsSet.setIssuer方法的具体用法?Java JWTClaimsSet.setIssuer怎么用?Java JWTClaimsSet.setIssuer使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在com.nimbusds.jwt.JWTClaimsSet的用法示例。


在下文中一共展示了JWTClaimsSet.setIssuer方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getJWT

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
    throws Exception {
  JWTClaimsSet claimsSet = new JWTClaimsSet();
  claimsSet.setSubject(sub);
  claimsSet.setIssueTime(new Date(new Date().getTime()));
  claimsSet.setIssuer("https://c2id.com");
  claimsSet.setCustomClaim("scope", "openid");
  claimsSet.setExpirationTime(expires);
  List<String> aud = new ArrayList<String>();
  aud.add("bar");
  claimsSet.setAudience("bar");

  JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();

  SignedJWT signedJWT = new SignedJWT(header, claimsSet);
  Base64URL sigInput = Base64URL.encode(signedJWT.getSigningInput());
  JWSSigner signer = new RSASSASigner(privateKey);

  signedJWT.sign(signer);

  return signedJWT;
}
 
开发者ID:aliyun-beta,项目名称:aliyun-oss-hadoop-fs,代码行数:23,代码来源:TestJWTRedirectAuthentictionHandler.java

示例2: selfIssue

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
public String selfIssue() {
	JWSSigner signer = new RSASSASigner((RSAPrivateKey) keyPair.getPrivate());

	List<String> aud = new ArrayList<String>();
	aud.add(Constants.POYNT_API_HOST);

	JWTClaimsSet claimsSet = new JWTClaimsSet();
	claimsSet.setAudience(aud);
	claimsSet.setSubject(config.getAppId());
	claimsSet.setIssuer(config.getAppId());
	Calendar now = Calendar.getInstance();
	claimsSet.setIssueTime(now.getTime());
	now.add(Calendar.MINUTE, 15);
	claimsSet.setExpirationTime(now.getTime());
	claimsSet.setJWTID(UUID.randomUUID().toString());

	SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);

	try {
		signedJWT.sign(signer);
	} catch (JOSEException e) {
		throw new PoyntSdkException("Failed to sign self issued JWT.");
	}
	return signedJWT.serialize();
}
 
开发者ID:poynt,项目名称:java-cloud-sdk,代码行数:26,代码来源:JsonWebToken.java

示例3: getJWT

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
protected SignedJWT getJWT(String sub, Date expires, RSAPrivateKey privateKey)
    throws Exception {
  JWTClaimsSet claimsSet = new JWTClaimsSet();
  claimsSet.setSubject(sub);
  claimsSet.setIssueTime(new Date(new Date().getTime()));
  claimsSet.setIssuer("https://c2id.com");
  claimsSet.setCustomClaim("scope", "openid");
  claimsSet.setExpirationTime(expires);
  List<String> aud = new ArrayList<String>();
  aud.add("bar");
  claimsSet.setAudience("bar");

  JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.RS256).build();

  SignedJWT signedJWT = new SignedJWT(header, claimsSet);
  JWSSigner signer = new RSASSASigner(privateKey);

  signedJWT.sign(signer);

  return signedJWT;
}
 
开发者ID:hopshadoop,项目名称:hops,代码行数:22,代码来源:TestJWTRedirectAuthentictionHandler.java

示例4: generateJWT

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
protected String generateJWT(User user) throws Exception {

        RSAPrivateKey privateKey = getPrivateKey(keyStore, keyStorePassword, alias);
        // Create RSA-signer with the private key
        JWSSigner signer = new RSASSASigner(privateKey);

        // Prepare JWT with claims set
        JWTClaimsSet claimsSet = new JWTClaimsSet();
        claimsSet.setSubject(user.getName());
        claimsSet.setClaim("email", user.getEmail());
        claimsSet.setClaim("roles", user.getRoles());
        claimsSet.setIssuer("wso2.org/products/msf4j");
        claimsSet.setExpirationTime(new Date(new Date().getTime() + 60 * 60 * 1000)); //60 min

        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);

        // Compute the RSA signature
        signedJWT.sign(signer);

        // To serialize to compact form, produces something like
        // eyJhbGciOiJSUzI1NiJ9.SW4gUlNBIHdlIHRydXN0IQ.IRMQENi4nJyp4er2L
        // mZq3ivwoAjqa1uUkSBKFIX7ATndFF5ivnt-m8uApHO4kfIFOrW7w2Ezmlg3Qd
        // maXlS9DhN0nUk_hGI3amEjkKd0BWYCB8vfUbUv0XGjQip78AI4z1PrFRNidm7
        // -jPDm5Iq0SZnjKjCNS5Q15fokXZc8u0A

        return signedJWT.serialize();
    }
 
开发者ID:wso2,项目名称:msf4j,代码行数:28,代码来源:JWTGenerator.java

示例5: buildIDToken

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
/**
 * To build id token from OauthToken request message context
 *
 * @param request Token request message context
 * @return Signed jwt string.
 * @throws IdentityOAuth2Exception
 */
protected String buildIDToken(OAuthTokenReqMessageContext request)
        throws IdentityOAuth2Exception {

    String issuer = OAuth2Util.getIDTokenIssuer();
    long lifetimeInMillis = OAuthServerConfiguration.getInstance().
            getApplicationAccessTokenValidityPeriodInSeconds() * 1000;
    long curTimeInMillis = Calendar.getInstance().getTimeInMillis();
    // setting subject
    String subject = request.getAuthorizedUser().getAuthenticatedSubjectIdentifier();
    if (!StringUtils.isNotBlank(subject)) {
        subject = request.getAuthorizedUser().getUserName();
    }
    // Set claims to jwt token.
    JWTClaimsSet jwtClaimsSet = new JWTClaimsSet();
    jwtClaimsSet.setIssuer(issuer);
    jwtClaimsSet.setSubject(subject);
    jwtClaimsSet.setAudience(Arrays.asList(request.getOauth2AccessTokenReqDTO().getClientId()));
    jwtClaimsSet.setClaim(Constants.AUTHORIZATION_PARTY, request.getOauth2AccessTokenReqDTO().getClientId());
    jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis));
    jwtClaimsSet.setIssueTime(new Date(curTimeInMillis));
    addUserClaims(jwtClaimsSet, request.getAuthorizedUser());

    if (JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName())) {
        return new PlainJWT(jwtClaimsSet).serialize();
    }
    return signJWT(jwtClaimsSet, request);
}
 
开发者ID:wso2,项目名称:msf4j,代码行数:35,代码来源:JWTAccessTokenBuilder.java

示例6: generateIdToken

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
@Override
public void generateIdToken(String code, String userId, String clientId, String nonce, long authTime, String accessToken, long expireTime) {
    try {
        byte[] encoded = Base64.decodeBase64(JophielProperties.getInstance().getIdTokenPrivateKey().getBytes("utf-8"));
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        RSAPrivateKey privateKey = (RSAPrivateKey) kf.generatePrivate(keySpec);

        JWSSigner signer = new RSASSASigner(privateKey);

        JWTClaimsSet claimsSet = new JWTClaimsSet();
        claimsSet.setSubject(userId);
        claimsSet.setAudience(clientId);
        claimsSet.setIssuer(JophielProperties.getInstance().getJophielBaseUrl());
        claimsSet.setIssueTime(new Date(System.currentTimeMillis()));
        claimsSet.setExpirationTime(new Date(expireTime));
        claimsSet.setClaim("auth_time", authTime);
        claimsSet.setClaim("at_hash", JudgelsPlayUtils.hashMD5(accessToken).substring(accessToken.length() / 2));

        SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS512), claimsSet);
        signedJWT.sign(signer);

        IdTokenModel idTokenModel = new IdTokenModel();
        idTokenModel.userJid = userId;
        idTokenModel.clientJid = clientId;
        idTokenModel.code = code;
        idTokenModel.redeemed = false;
        idTokenModel.token = signedJWT.serialize();

        idTokenDao.persist(idTokenModel, IdentityUtils.getUserJid(), IdentityUtils.getIpAddress());

    } catch (NoSuchAlgorithmException | InvalidKeySpecException | JOSEException | UnsupportedEncodingException e) {
        throw new RuntimeException(e);
    }
}
 
开发者ID:judgels-deprecated,项目名称:judgels-jophiel,代码行数:36,代码来源:ClientServiceImpl.java

示例7: userToClaims

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
/**
 * Converts a User and its Groups into a JWTClaimsSet.
 *
 * Groups are converted into a List so the List will get serialized as a
 * JSON Array, which GoInstant requires.
 */
private static JWTClaimsSet userToClaims(User user) {
    JWTClaimsSet claims = new JWTClaimsSet();

    String id = user.getID();
    String displayName = user.getDisplayName();
    checkIdAndDn(id, displayName);

    String domain = user.getDomain();
    if (domain == null || domain.length() == 0)
        throw new IllegalArgumentException(
            "domain must be a non-empty String");

    claims.setAudience(AUDIENCE);
    claims.setSubject(id);
    claims.setIssuer(domain);
    claims.setCustomClaim("dn", displayName != null ? displayName : id);

    Map<String,Object> custom = user.getCustomClaims();
    for (Map.Entry<String,Object> entry : custom.entrySet()) {
        String key = entry.getKey();
        if (RESERVED_CLAIMS.contains(key)) {
            throw new IllegalArgumentException("The '"+key+"' claim cannot be custom for a User");
        }
        claims.setClaim(key, entry.getValue());
    }

    Set<Group> groups = user.getGroups();
    if (groups.size() > 0) {
        // Lists will get serialized as JSON Arrays
        ArrayList<Object> g = new ArrayList<Object>(groups.size());
        for (Group group : groups) {
            g.add(groupToMap(group));
        }
        claims.setCustomClaim("g", g);
    }

    return claims;
}
 
开发者ID:goinstant,项目名称:java-goinstant-auth,代码行数:45,代码来源:Signer.java

示例8: issueToken

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
public static JWT issueToken(String principal, String group, String role) {
    // must have for kerb-token
    String krbPrincipal = principal + "@SH.INTEL.COM";

    PlainHeader header = new PlainHeader();
    //header.setCustomParameter("krbPrincipal", krbPrincipal);

    JWTClaimsSet jwtClaims = new JWTClaimsSet();

    String iss = "token-service";
    jwtClaims.setIssuer(iss);

    String sub = principal;
    jwtClaims.setSubject(sub);

    // must have for kerb-token
    jwtClaims.setSubject(krbPrincipal);

    jwtClaims.setClaim("group", group);
    if (role != null) {
        jwtClaims.setClaim("role", role);
    }

    List<String> aud = new ArrayList<String>();
    aud.add("krb5kdc-with-token-extension");
    jwtClaims.setAudience(aud);

    // Set expiration in 60 minutes
    final Date NOW =  new Date(new Date().getTime() / 1000 * 1000);
    Date exp = new Date(NOW.getTime() + 1000 * 60 * 60);
    jwtClaims.setExpirationTime(exp);

    Date nbf = NOW;
    jwtClaims.setNotBeforeTime(nbf);

    Date iat = NOW;
    jwtClaims.setIssueTime(iat);

    String jti = UUID.randomUUID().toString();
    jwtClaims.setJWTID(jti);

    PlainJWT jwt = new PlainJWT(header, jwtClaims);
    return jwt;
}
 
开发者ID:drankye,项目名称:haox,代码行数:45,代码来源:TokenTool.java

示例9: buildIDToken

import com.nimbusds.jwt.JWTClaimsSet; //导入方法依赖的package包/类
@Override
public String buildIDToken(OAuthAuthzReqMessageContext request, OAuth2AuthorizeRespDTO tokenRespDTO)
        throws IdentityOAuth2Exception {

    String issuer = OAuth2Util.getIDTokenIssuer();
    long lifetimeInMillis = Integer.parseInt(config.getOpenIDConnectIDTokenExpiration()) * 1000;
    long curTimeInMillis = Calendar.getInstance().getTimeInMillis();
    // setting subject
    String subject = request.getAuthorizationReqDTO().getUser().getAuthenticatedSubjectIdentifier();

    String nonceValue = request.getAuthorizationReqDTO().getNonce();

    // Get access token issued time
    long accessTokenIssuedTime = getAccessTokenIssuedTime(tokenRespDTO.getAccessToken(), request) / 1000;

    String atHash = null;
    String responseType = request.getAuthorizationReqDTO().getResponseType();
    //at_hash is generated on access token. Hence the check on response type to be id_token token or code
    if (!JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName()) &&
            !OAuthConstants.ID_TOKEN.equalsIgnoreCase(responseType) &&
            !OAuthConstants.NONE.equalsIgnoreCase(responseType)) {
        String digAlg = mapDigestAlgorithm(signatureAlgorithm);
        MessageDigest md;
        try {
            md = MessageDigest.getInstance(digAlg);
        } catch (NoSuchAlgorithmException e) {
            throw new IdentityOAuth2Exception("Invalid Algorithm : " + digAlg);
        }
        md.update(tokenRespDTO.getAccessToken().getBytes(Charsets.UTF_8));
        byte[] digest = md.digest();
        int leftHalfBytes = 16;
        if (SHA384.equals(digAlg)) {
            leftHalfBytes = 24;
        } else if (SHA512.equals(digAlg)) {
            leftHalfBytes = 32;
        }
        byte[] leftmost = new byte[leftHalfBytes];
        for (int i = 0; i < leftHalfBytes; i++) {
            leftmost[i] = digest[i];
        }
        atHash = new String(Base64.encodeBase64URLSafe(leftmost), Charsets.UTF_8);
    }


    if (log.isDebugEnabled()) {
        StringBuilder stringBuilder = (new StringBuilder())
                .append("Using issuer ").append(issuer).append("\n")
                .append("Subject ").append(subject).append("\n")
                .append("ID Token life time ").append(lifetimeInMillis / 1000).append("\n")
                .append("Current time ").append(curTimeInMillis / 1000).append("\n")
                .append("Nonce Value ").append(nonceValue).append("\n")
                .append("Signature Algorithm ").append(signatureAlgorithm).append("\n");
        if (log.isDebugEnabled()) {
            log.debug(stringBuilder.toString());
        }
    }

    JWTClaimsSet jwtClaimsSet = new JWTClaimsSet();
    jwtClaimsSet.setIssuer(issuer);
    jwtClaimsSet.setSubject(subject);
    jwtClaimsSet.setAudience(Arrays.asList(request.getAuthorizationReqDTO().getConsumerKey()));
    jwtClaimsSet.setClaim("azp", request.getAuthorizationReqDTO().getConsumerKey());
    jwtClaimsSet.setExpirationTime(new Date(curTimeInMillis + lifetimeInMillis));
    jwtClaimsSet.setIssueTime(new Date(curTimeInMillis));
    jwtClaimsSet.setClaim("auth_time", accessTokenIssuedTime);
    if(atHash != null){
        jwtClaimsSet.setClaim("at_hash", atHash);
    }
    if (nonceValue != null) {
        jwtClaimsSet.setClaim("nonce", nonceValue);
    }

    request.addProperty(OAuthConstants.ACCESS_TOKEN, tokenRespDTO.getAccessToken());
    CustomClaimsCallbackHandler claimsCallBackHandler =
            OAuthServerConfiguration.getInstance().getOpenIDConnectCustomClaimsCallbackHandler();
    claimsCallBackHandler.handleCustomClaims(jwtClaimsSet, request);
    if (JWSAlgorithm.NONE.getName().equals(signatureAlgorithm.getName())) {
        return new PlainJWT(jwtClaimsSet).serialize();
    }
    return signJWT(jwtClaimsSet, request);
}
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:82,代码来源:DefaultIDTokenBuilder.java


注:本文中的com.nimbusds.jwt.JWTClaimsSet.setIssuer方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。